https://issues.shibboleth.net/jira/browse/SSPCPP-599
[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.5.3">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
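<!-- conf:string: an xs:string restricted to at least one character, so a
     value of this type can never be the empty string. The unprefixed base
     "string" below resolves to xs:string (the default namespace of this
     schema), not to this type. (Listing line numbers removed so the
     fragment is well-formed markup again.) -->
<simpleType name="string">
  <restriction base="string">
    <minLength value="1"/>
  </restriction>
</simpleType>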
31
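<!-- Whitespace-separated list of conf:string items. Because the list is
     split on whitespace, a single item can never contain a space. -->
<simpleType name="listOfStrings">
  <list itemType="conf:string"/>
</simpleType>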
35
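<!-- Whitespace-separated list of xs:anyURI items. xs:anyURI constrains the
     lexical form only; it does not restrict scheme or host, so any such
     policy has to be enforced by the code that consumes the list. -->
<simpleType name="listOfURIs">
  <list itemType="anyURI"/>
</simpleType>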
39
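<!-- Four-valued switch used by the "signing" and "encryption" attributes of
     RelyingPartyGroup. Besides true/false it accepts "front" and "back".
     NOTE(review): these presumably limit the feature to front-channel or
     back-channel bindings - confirm against the SP documentation. No
     default is declared, so the behavior when the attribute is omitted is
     set by the implementation, not by this schema. -->
<simpleType name="bindingBoolean">
  <restriction base="string">
    <enumeration value="true"/>
    <enumeration value="false"/>
    <enumeration value="front"/>
    <enumeration value="back"/>
  </restriction>
</simpleType>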
48
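<!-- Policy keyword for the relayStateLimit and redirectLimit attributes of
     SessionsType, which are declared next to the relayStateWhitelist and
     redirectWhitelist URI lists. The schema declares no default, so what
     applies when the attribute is omitted is decided by the implementation.
     NOTE(review): "none" presumably disables checking of redirect targets,
     leaving open-redirect protection to the application - confirm, and
     prefer one of the restrictive values in deployments. The combined
     forms ("exact+whitelist", "host+whitelist") are literal enumeration
     values, not an expression syntax. -->
<simpleType name="redirectLimitType">
  <restriction base="string">
    <enumeration value="none"/>
    <enumeration value="exact"/>
    <enumeration value="host"/>
    <enumeration value="whitelist"/>
    <enumeration value="exact+whitelist"/>
    <enumeration value="host+whitelist"/>
  </restriction>
</simpleType>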
59
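<!-- Base type for plugin references: a required "type" attribute plus any
     child elements and any attributes from any namespace, validated laxly.
     Passing validation against this schema therefore says nothing about
     whether a plugin's own settings are complete or even spelled
     correctly; each plugin has to check its own configuration. -->
<complexType name="PluggableType">
  <sequence>
    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="type" type="conf:string" use="required"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>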
67
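<complexType name="ExtensionsType">
  <annotation>
    <documentation>Container for extension libraries and custom configuration</documentation>
  </annotation>
  <sequence>
    <!-- Zero or more Library entries, followed by arbitrary elements from
         other namespaces. "path" is checked only as an xs:anyURI; the
         schema does not limit where the library may live. "fatal" has no
         schema default.
         NOTE(review): the name suggests the library is loaded into the SP
         process, in which case write access to this file amounts to code
         loading - confirm, and restrict file and directory permissions
         accordingly. -->
    <element name="Library" minOccurs="0" maxOccurs="unbounded">
      <complexType>
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="path" type="anyURI" use="required"/>
        <attribute name="fatal" type="boolean"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </complexType>
    </element>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
</complexType>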
86
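<!-- Restriction of PluggableType that adds a required "id". Because id is
     an xs:ID it must be unique within the document; the StorageService
     attributes of SessionCacheType, ReplayCacheType and ArtifactMapType
     are xs:IDREF values that must match such an id. The "type" attribute
     of PluggableType is not redeclared and so remains required.
     cleanupInterval carries no unit in the schema. -->
<complexType name="StorageServiceType">
  <annotation>
    <documentation>References StorageService plugins</documentation>
  </annotation>
  <complexContent>
    <restriction base="conf:PluggableType">
      <sequence>
        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
      <attribute name="id" type="ID" use="required"/>
      <attribute name="cleanupInterval" type="unsignedInt"/>
      <anyAttribute namespace="##any" processContents="lax"/>
    </restriction>
  </complexContent>
</complexType>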
102
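<!-- Restriction of PluggableType for the session cache. StorageService is
     an optional IDREF to a StorageService id declared elsewhere in the
     document. The timing attributes are plain unsignedInt values; the
     schema states neither units nor defaults. The ##any attribute
     wildcard means a misspelled attribute name still validates. -->
<complexType name="SessionCacheType">
  <annotation>
    <documentation>References SessionCache plugins</documentation>
  </annotation>
  <complexContent>
    <restriction base="conf:PluggableType">
      <sequence>
        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
      <attribute name="StorageService" type="IDREF"/>
      <attribute name="cacheAllowance" type="unsignedInt"/>
      <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
      <attribute name="maintainReverseIndex" type="boolean"/>
      <attribute name="excludeReverseIndex" type="conf:listOfStrings"/>
      <anyAttribute namespace="##any" processContents="lax"/>
    </restriction>
  </complexContent>
</complexType>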
121
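<!-- Empty element whose only setting is an optional IDREF to a
     StorageService id.
     NOTE(review): if the replay cache is what backs message replay
     detection, a clustered deployment would need this to reference
     storage shared by all nodes - confirm against the SP documentation. -->
<complexType name="ReplayCacheType">
  <annotation>
    <documentation>Ties ReplayCache to a custom StorageService</documentation>
  </annotation>
  <sequence/>
  <attribute name="StorageService" type="IDREF"/>
</complexType>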
129
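<!-- Empty element with three optional attributes: an IDREF to a
     StorageService id, a non-empty "context" string and "artifactTTL".
     The schema gives artifactTTL no unit and no upper bound beyond
     unsignedInt; any sanity limit on artifact lifetime has to come from
     the implementation or from deployment review. -->
<complexType name="ArtifactMapType">
  <annotation>
    <documentation>Customizes an ArtifactMap</documentation>
  </annotation>
  <sequence/>
  <attribute name="StorageService" type="IDREF"/>
  <attribute name="context" type="conf:string"/>
  <attribute name="artifactTTL" type="unsignedInt"/>
</complexType>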
139
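<!-- Settings for the out-of-process side (shibd, per the annotation).
     Both wildcards are ##other, so only content from foreign namespaces
     is admitted: an unqualified attribute that is not declared here
     (for example a misspelling) fails validation. "logger" is checked
     only as an xs:anyURI; none of the attributes has a schema default. -->
<complexType name="OutOfProcessType">
  <annotation>
    <documentation>Container for out-of-process (shibd) configuration</documentation>
  </annotation>
  <sequence>
    <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="logger" type="anyURI"/>
  <attribute name="tranLogFormat" type="conf:string"/>
  <attribute name="tranLogFiller" type="conf:string"/>
  <attribute name="catchAll" type="boolean"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>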
154
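<complexType name="InProcessType">
  <annotation>
    <documentation>
      Container for configuration of locally integrated or platform-specific
      features (e.g. web server filters)
    </documentation>
  </annotation>
  <sequence>
    <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
    <!-- Optional ISAPI block: one or more Site entries, each with a
         required numeric id and name and any number of Alias children.
         port, sslport and scheme are optional and unvalidated beyond
         their simple types. -->
    <element name="ISAPI" minOccurs="0">
      <complexType>
        <sequence>
          <element name="Site" maxOccurs="unbounded">
            <complexType>
              <sequence>
                <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
              </sequence>
              <attribute name="id" type="unsignedInt" use="required"/>
              <attribute name="name" type="conf:string" use="required"/>
              <attribute name="port" type="unsignedInt"/>
              <attribute name="sslport" type="unsignedInt"/>
              <attribute name="scheme" type="conf:string"/>
            </complexType>
          </element>
          <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="normalizeRequest" type="boolean"/>
        <attribute name="safeHeaderNames" type="boolean"/>
        <anyAttribute namespace="##other" processContents="lax"/>
      </complexType>
    </element>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="logger" type="anyURI"/>
  <!-- unsetHeaderValue, checkSpoofing and spoofKey (with safeHeaderNames on
       ISAPI above) concern how request headers are treated. All are
       optional and the schema declares no defaults.
       NOTE(review): checkSpoofing presumably guards against clients
       pre-setting headers that the SP itself exports, and spoofKey looks
       like a secret that exempts trusted requests from that check -
       confirm; if so, the file holds a secret and should be readable only
       by the web server and shibd accounts. -->
  <attribute name="unsetHeaderValue" type="conf:string"/>
  <attribute name="checkSpoofing" type="boolean"/>
  <attribute name="spoofKey" type="conf:string"/>
  <attribute name="catchAll" type="boolean"/>
  <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>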
196
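<!-- Root of the built-in access policy: being a UniOperatorType it holds
     exactly one child, which is either an operator (AND, OR, NOT) or a
     single Rule / RuleRegex. -->
<element name="AccessControl" type="conf:UniOperatorType">
  <annotation>
    <documentation>
      A simple example access policy language extension that supersedes Apache .htaccess
    </documentation>
  </annotation>
</element>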
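<!-- Exactly one operand: the choice has the default occurrence of 1, so an
     empty element or one with two children is invalid. Also used as the
     type of NOT, which makes the expression tree recursive with no depth
     limit imposed by the schema. -->
<complexType name="UniOperatorType">
  <choice>
    <element name="AND" type="conf:MultiOperatorType"/>
    <element name="OR" type="conf:MultiOperatorType"/>
    <element name="NOT" type="conf:UniOperatorType"/>
    <element name="Rule" type="conf:RuleType"/>
    <element name="RuleRegex" type="conf:RuleRegexType"/>
  </choice>
</complexType>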
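<!-- Operand list for AND and OR: at least two children (minOccurs 2), in
     any mix of operators and rules. A one-operand AND or OR is rejected
     by the schema rather than silently treated as its single child. -->
<complexType name="MultiOperatorType">
  <choice minOccurs="2" maxOccurs="unbounded">
    <element name="AND" type="conf:MultiOperatorType"/>
    <element name="OR" type="conf:MultiOperatorType"/>
    <element name="NOT" type="conf:UniOperatorType"/>
    <element name="Rule" type="conf:RuleType"/>
    <element name="RuleRegex" type="conf:RuleRegexType"/>
  </choice>
</complexType>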
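<!-- A rule whose text content is a whitespace-separated list of non-empty
     strings, with a required "require" attribute and an optional boolean
     "list". Since the content is split on whitespace, a value that itself
     contains a space cannot be expressed as one list item.
     NOTE(review): "list" presumably switches between list and
     single-value interpretation of the content - confirm. -->
<complexType name="RuleType">
  <simpleContent>
    <extension base="conf:listOfStrings">
      <attribute name="require" type="conf:string" use="required"/>
      <attribute name="list" type="boolean"/>
    </extension>
  </simpleContent>
</complexType>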
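<!-- A rule whose text content is one non-empty string, with a required
     "require" attribute and an optional "ignoreCase". The schema treats
     the content as an opaque string: regular-expression syntax is not
     validated here.
     NOTE(review): whether matching is anchored is not stated in this
     schema; an unanchored pattern in an access rule can match more values
     than intended, so review patterns with that in mind. -->
<complexType name="RuleRegexType">
  <simpleContent>
    <extension base="conf:string">
      <attribute name="require" type="conf:string" use="required"/>
      <attribute name="ignoreCase" type="boolean"/>
    </extension>
  </simpleContent>
</complexType>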
238
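<!-- Attributes shared by RequestMap, Host, HostRegex, Path, PathRegex and
     Query. Every attribute is optional and none has a schema default, so
     the effective value of an omitted setting comes from the
     implementation (or, presumably, from an enclosing element - confirm).
     The wildcard is ##other: an undeclared unqualified attribute, such as
     a misspelled requireSession, fails validation instead of being
     ignored.
     URI-typed settings (the *Error attributes, target, discoveryURL,
     requireLogoutWith) are checked for lexical form only.
     Note that authnContextClassRef is a list of URIs here but a single
     anyURI in SessionInitiatorGroup. -->
<attributeGroup name="ContentSettings">
  <attribute name="applicationId" type="conf:string"/>
  <attribute name="authType" type="conf:string"/>
  <attribute name="requireSession" type="boolean"/>
  <attribute name="requireSessionWith" type="conf:string"/>
  <attribute name="requireLogoutWith" type="anyURI"/>
  <attribute name="exportAssertion" type="boolean"/>
  <attribute name="exportStdVars" type="boolean"/>
  <attribute name="exportCookie" type="boolean"/>
  <attribute name="redirectToSSL" type="unsignedInt"/>
  <attribute name="entityID" type="anyURI"/>
  <attribute name="discoveryURL" type="anyURI"/>
  <attribute name="discoveryPolicy" type="conf:string"/>
  <attribute name="isPassive" type="boolean"/>
  <attribute name="returnOnError" type="boolean"/>
  <attribute name="forceAuthn" type="boolean"/>
  <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
  <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
  <attribute name="NameIDFormat" type="anyURI"/>
  <attribute name="SPNameQualifier" type="conf:string"/>
  <attribute name="redirectErrors" type="anyURI"/>
  <attribute name="sessionError" type="anyURI"/>
  <attribute name="metadataError" type="anyURI"/>
  <attribute name="accessError" type="anyURI"/>
  <attribute name="sslError" type="anyURI"/>
  <attribute name="target" type="anyURI"/>
  <attribute name="acsIndex" type="unsignedShort"/>
  <attribute name="REMOTE_ADDR" type="conf:string"/>
  <attribute name="encoding" type="conf:string"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</attributeGroup>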
270
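<!-- Content order is fixed by the sequence: at most one access-control
     child (htaccess, AccessControl or AccessControlProvider), then any
     number of Host / HostRegex entries, then an optional ds:Signature.
     The schema only permits the signature element; whether and against
     which keys it is verified is up to the consumer. -->
<element name="RequestMap">
  <annotation>
    <documentation>
      Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
    </documentation>
  </annotation>
  <complexType>
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Host" type="conf:HostType"/>
        <element name="HostRegex" type="conf:HostRegexType"/>
      </choice>
      <element ref="ds:Signature" minOccurs="0"/>
    </sequence>
    <attribute name="unicodeAware" type="boolean"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>
</element>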
294
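<!-- One virtual host in the request map: a required "name", optional
     "scheme" (limited to http, https, ftp, ldap, ldaps) and optional
     "port", plus the shared ContentSettings. At most one access-control
     child may precede the nested Path / PathRegex / Query entries.
     NOTE(review): when scheme or port is omitted the entry presumably
     applies to every scheme or port for that host name - confirm, since a
     rule written with https in mind would then cover http as well. -->
<complexType name="HostType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <attribute name="scheme">
    <simpleType>
      <restriction base="conf:string">
        <enumeration value="http"/>
        <enumeration value="https"/>
        <enumeration value="ftp"/>
        <enumeration value="ldap"/>
        <enumeration value="ldaps"/>
      </restriction>
    </simpleType>
  </attribute>
  <attribute name="name" type="conf:string" use="required"/>
  <attribute name="port" type="unsignedInt"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>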
323
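<!-- Host entry selected by pattern instead of by name: "regex" is required
     and is validated only as a non-empty string, not as a regular
     expression. Same child structure as HostType.
     NOTE(review): what the pattern is matched against (host only, or
     scheme and port too) and whether it is anchored are not stated here;
     a loose pattern can attach these content settings to hosts that were
     not intended - confirm the matching rules before relying on it. -->
<complexType name="HostRegexType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <attribute name="regex" type="conf:string" use="required"/>
  <attribute name="ignoreCase" type="boolean"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>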
341
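<!-- One path step below a Host (or another Path): required "name" plus the
     shared ContentSettings. Paths nest recursively, and each level may
     carry at most one access-control child of its own.
     NOTE(review): the schema has no attribute for case sensitivity here,
     so how "name" is compared with the request path is decided by the
     implementation - confirm, as a mismatch could leave a protected path
     reachable under a differently cased URL. -->
<complexType name="PathType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <attribute name="name" type="conf:string" use="required"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>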
358
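<!-- Path entry selected by pattern: required "regex" (validated only as a
     non-empty string) and optional "ignoreCase". Unlike PathType it
     cannot contain further Path or PathRegex children, only Query
     entries after the optional access-control child. -->
<complexType name="PathRegexType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="regex" type="conf:string" use="required"/>
  <attribute name="ignoreCase" type="boolean"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>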
372
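<!-- Entry keyed on a query-string parameter: required "name" and optional
     "regex" (validated only as a non-empty string). Query entries nest
     recursively and may each carry one access-control child.
     NOTE(review): query parameters are fully client-controlled, so
     settings that relax protection based on a Query match deserve extra
     scrutiny in review. -->
<complexType name="QueryType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="name" type="conf:string" use="required"/>
  <attribute name="regex" type="conf:string"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>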
386
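<!-- Default application: Sessions is mandatory, Errors optional, followed
     by any mix of the listed children (including ApplicationOverride).
     "id" is fixed to "default" and "entityID" is required. The trust and
     metadata related children (MetadataProvider, TrustEngine,
     CredentialResolver, ...) are all PluggableType and all optional, so
     schema validation does not ensure that any of them is configured.
     The ##other attribute wildcard rejects undeclared unqualified
     attributes. -->
<complexType name="ApplicationDefaultsType">
  <annotation>
    <documentation>Container for default settings and application-specific overrides</documentation>
  </annotation>
  <sequence>
    <element name="Sessions" type="conf:SessionsType"/>
    <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="RelyingParty" type="conf:RelyingPartyType"/>
      <element name="Notify" type="conf:NotifyType"/>
      <element ref="saml:Audience"/>
      <element name="MetadataProvider" type="conf:PluggableType"/>
      <element name="TrustEngine" type="conf:PluggableType"/>
      <element name="AttributeExtractor" type="conf:PluggableType"/>
      <element name="AttributeResolver" type="conf:PluggableType"/>
      <element name="AttributeFilter" type="conf:PluggableType"/>
      <element name="CredentialResolver" type="conf:PluggableType"/>
      <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
    </choice>
  </sequence>
  <attribute name="id" type="conf:string" fixed="default"/>
  <attribute name="entityID" type="anyURI" use="required"/>
  <attributeGroup ref="conf:ApplicationGroup"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>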
413
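<!-- Per-application override. Differs from ApplicationDefaultsType in that
     "id" is required and free-form, "entityID" and Sessions are optional,
     and overrides cannot nest (no ApplicationOverride child).
     NOTE(review): omitted children and attributes are presumably
     inherited from the defaults - confirm; when reviewing an override,
     check which security settings it changes relative to the default
     application. -->
<complexType name="ApplicationOverrideType">
  <annotation>
    <documentation>Container for application-specific overrides</documentation>
  </annotation>
  <sequence>
    <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
    <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="RelyingParty" type="conf:RelyingPartyType"/>
      <element name="Notify" type="conf:NotifyType"/>
      <element ref="saml:Audience"/>
      <element name="MetadataProvider" type="conf:PluggableType"/>
      <element name="TrustEngine" type="conf:PluggableType"/>
      <element name="AttributeExtractor" type="conf:PluggableType"/>
      <element name="AttributeResolver" type="conf:PluggableType"/>
      <element name="AttributeFilter" type="conf:PluggableType"/>
      <element name="CredentialResolver" type="conf:PluggableType"/>
    </choice>
  </sequence>
  <attribute name="id" type="conf:string" use="required"/>
  <attribute name="entityID" type="anyURI"/>
  <attributeGroup ref="conf:ApplicationGroup"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>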
439
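<!-- Attributes shared by ApplicationDefaultsType and
     ApplicationOverrideType. All optional, no schema defaults.
     NOTE(review): REMOTE_USER, unsetHeaders, attributePrefix and
     metadataAttributePrefix appear to control which attribute values are
     exposed to the protected application and under which header or
     variable names; requireAuthenticatedEncryption looks like a
     hardening switch for encrypted messages - confirm semantics and
     defaults in the SP documentation before relying on them. -->
<attributeGroup name="ApplicationGroup">
  <attribute name="homeURL" type="anyURI"/>
  <attribute name="policyId" type="conf:string"/>
  <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
  <attribute name="unsetHeaders" type="conf:listOfStrings"/>
  <attribute name="metadataAttributePrefix" type="conf:string"/>
  <attribute name="attributePrefix" type="conf:string"/>
  <attribute name="requireAuthenticatedEncryption" type="boolean"/>
</attributeGroup>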
449
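<!-- Per-peer protocol settings, referenced by the application types and by
     RelyingPartyType. All optional, no schema defaults, so an omitted
     requireSignedAssertions / requireConfidentiality /
     requireTransportAuth takes whatever the implementation defaults to.
     authUsername and authPassword are ordinary string attributes: a
     password configured here is stored in clear text in the file, which
     should therefore be readable only by the service accounts that need
     it.
     signingAlg, digestAlg and encryptionAlg are xs:anyURI and are not
     limited to known algorithm identifiers by this schema.
     connectTimeout and timeout carry no unit here. -->
<attributeGroup name="RelyingPartyGroup">
  <attribute name="authType" type="conf:string"/>
  <attribute name="authUsername" type="conf:string"/>
  <attribute name="authPassword" type="conf:string"/>
  <attribute name="signing" type="conf:bindingBoolean"/>
  <attribute name="signingAlg" type="anyURI"/>
  <attribute name="digestAlg" type="anyURI"/>
  <attribute name="encryption" type="conf:bindingBoolean"/>
  <attribute name="encryptionAlg" type="anyURI"/>
  <attribute name="keyName" type="conf:string"/>
  <attribute name="artifactEndpointIndex" type="unsignedShort"/>
  <attribute name="chunkedEncoding" type="boolean"/>
  <attribute name="connectTimeout" type="unsignedShort"/>
  <attribute name="timeout" type="unsignedShort"/>
  <attribute name="requireConfidentiality" type="boolean"/>
  <attribute name="requireTransportAuth" type="boolean"/>
  <attribute name="requireSignedAssertions" type="boolean"/>
  <attribute name="sessionHook" type="anyURI"/>
  <attribute name="artifactByFilesystem" type="boolean"/>
</attributeGroup>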
470     
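<!-- Session and handler configuration. The optional SSO, Logout and
     NameIDMgmt shorthands come first (each with a whitespace-separated
     list as content), followed by any number of explicitly declared
     handlers. All attributes are optional and have no schema default.
     The type's own attribute wildcard is ##other, so a misspelled
     unqualified attribute on Sessions fails validation. SSO and Logout,
     however, pull in SessionInitiatorGroup / LogoutInitiatorGroup, whose
     wildcard is ##any: a misspelled attribute there still validates. -->
<complexType name="SessionsType">
  <annotation>
    <documentation>Container for specifying protocol handlers and session policy</documentation>
  </annotation>
  <sequence>
    <element name="SSO" minOccurs="0">
      <complexType>
        <annotation>
          <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
        </annotation>
        <simpleContent>
          <extension base="conf:listOfStrings">
            <attribute name="policyId" type="conf:string"/>
            <attribute name="ignoreNoPassive" type="boolean"/>
            <attribute name="discoveryProtocol" type="conf:string"/>
            <attribute name="discoveryURL" type="anyURI"/>
            <attributeGroup ref="conf:SessionInitiatorGroup"/>
          </extension>
        </simpleContent>
      </complexType>
    </element>
    <element name="Logout" minOccurs="0">
      <complexType>
        <annotation>
          <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
        </annotation>
        <simpleContent>
          <extension base="conf:listOfStrings">
            <attribute name="policyId" type="conf:string"/>
            <attributeGroup ref="conf:LogoutInitiatorGroup"/>
          </extension>
        </simpleContent>
      </complexType>
    </element>
    <element name="NameIDMgmt" minOccurs="0">
      <complexType>
        <annotation>
          <documentation>Implicitly configures ManageNameIDService handlers</documentation>
        </annotation>
        <simpleContent>
          <extension base="conf:listOfStrings">
            <attribute name="policyId" type="conf:string"/>
          </extension>
        </simpleContent>
      </complexType>
    </element>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element ref="conf:SessionInitiator"/>
      <element ref="conf:LogoutInitiator"/>
      <element ref="md:AssertionConsumerService"/>
      <element ref="md:ArtifactResolutionService"/>
      <element ref="md:SingleLogoutService"/>
      <element ref="md:ManageNameIDService"/>
      <element ref="conf:Handler"/>
    </choice>
  </sequence>
  <!-- NOTE(review): handlerSSL and cookieProps presumably decide whether
       handlers insist on TLS and which cookie attributes are appended to
       the session cookie - confirm. cookieProps is a free-form string, so
       the schema cannot catch a missing or misspelled cookie flag. -->
  <attribute name="handlerURL" type="anyURI"/>
  <attribute name="handlerSSL" type="boolean"/>
  <!-- NOTE(review): exportLocation / exportACL appear to configure where
       assertions can be fetched and from which addresses - confirm. -->
  <attribute name="exportLocation" type="conf:string"/>
  <attribute name="exportACL" type="conf:listOfStrings"/>
  <attribute name="cookieName" type="conf:string"/>
  <attribute name="cookieProps" type="conf:string"/>
  <attribute name="cookieLifetime" type="unsignedInt"/>
  <attribute name="idpHistory" type="boolean"/>
  <attribute name="idpHistoryDays" type="unsignedInt"/>
  <attribute name="idpHistoryProps" type="conf:string"/>
  <!-- Session duration limits; the schema gives no units or bounds. -->
  <attribute name="lifetime" type="unsignedInt"/>
  <attribute name="timeout" type="unsignedInt"/>
  <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
  <!-- NOTE(review): checkAddress / consistentAddress presumably tie a
       session to the client address - confirm. -->
  <attribute name="checkAddress" type="boolean"/>
  <attribute name="consistentAddress" type="boolean"/>
  <attribute name="postData" type="conf:string"/>
  <attribute name="postLimit" type="positiveInteger"/>
  <attribute name="postTemplate" type="conf:string"/>
  <attribute name="postExpire" type="boolean"/>
  <attribute name="relayState" type="conf:string"/>
  <!-- Redirect-target policy: each limit takes a redirectLimitType keyword
       and is paired with a URI list. The lists are checked for lexical
       form only, and nothing in the schema requires a list to be present
       when a "whitelist" keyword is chosen. -->
  <attribute name="relayStateLimit" type="conf:redirectLimitType"/>
  <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
  <attribute name="redirectLimit" type="conf:redirectLimitType"/>
  <attribute name="redirectWhitelist" type="conf:listOfURIs"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>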
553
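<!-- Global (namespace-qualified) attribute, as opposed to the local
     "policyId" attributes declared inside types of this schema. Being
     global, it can be matched by the lax attribute wildcards used
     elsewhere, for example on elements from other schemas. -->
<attribute name="policyId" type="conf:string">
  <annotation>
    <documentation>Used to override Policy from profile endpoints</documentation>
  </annotation>
</attribute>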
559
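<!-- Global (namespace-qualified) boolean attribute; no default is
     declared, so absence is not the same as an explicit "false" as far
     as this schema is concerned. -->
<attribute name="ignoreNoPassive" type="boolean">
  <annotation>
    <documentation>Used to ignore NoPassive errors in AssertionConsumerService endpoints</documentation>
  </annotation>
</attribute>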
565   
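<!-- Shared by the SSO shorthand and the SessionInitiator element. The
     wildcard is ##any with lax processing, so an undeclared or misspelled
     attribute (for instance a typo in forceAuthn or isPassive) still
     validates; do not treat a clean validation as proof that such a
     setting is in effect.
     authnContextClassRef is a single anyURI here, whereas ContentSettings
     declares the same name as a list of URIs. NOTE(review): this looks
     like an inconsistency between the two declarations - confirm which
     form the implementation actually accepts.
     "target" and "template" are checked for URI lexical form only. -->
<attributeGroup name="SessionInitiatorGroup">
  <annotation>
    <documentation>Options common to explicit and implicit SessionInitiators</documentation>
  </annotation>
  <attribute name="relayState" type="conf:string"/>
  <attribute name="entityIDParam" type="conf:string"/>
  <attribute name="entityID" type="anyURI"/>
  <attribute name="outgoingBindings" type="conf:listOfURIs"/>
  <attribute name="preservedOptions" type="conf:listOfStrings"/>
  <attribute name="template" type="anyURI"/>
  <attribute name="postArtifact" type="boolean"/>
  <attribute name="acsByIndex" type="boolean"/>
  <attribute name="isPassive" type="boolean"/>
  <attribute name="returnOnError" type="boolean"/>
  <attribute name="forceAuthn" type="boolean"/>
  <attribute name="authnContextClassRef" type="anyURI"/>
  <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
  <attribute name="NameIDFormat" type="anyURI"/>
  <attribute name="SPNameQualifier" type="conf:string"/>
  <attribute name="requestDelegation" type="boolean"/>
  <attribute name="target" type="anyURI"/>
  <attribute name="discoveryPolicy" type="conf:string"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</attributeGroup>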
590
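<!-- Explicit session initiator, defined as a restriction of PluggableType.
     The "type" attribute is not redeclared, so it is inherited and stays
     required. "Location" is optional here (it is required on Handler).
     The attribute wildcard arrives through SessionInitiatorGroup and is
     ##any / lax, so unknown attributes are accepted. -->
<element name="SessionInitiator">
  <annotation>
    <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI"/>
        <attribute name="id" type="conf:string"/>
        <attribute name="isDefault" type="boolean"/>
        <attribute name="URL" type="anyURI"/>
        <attribute name="acsIndex" type="unsignedShort"/>
        <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
        <attributeGroup ref="conf:SessionInitiatorGroup"/>
      </restriction>
    </complexContent>
  </complexType>
</element>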
612
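<!-- Shared by the Logout shorthand and the LogoutInitiator element. As
     with SessionInitiatorGroup, the ##any / lax wildcard means an
     undeclared or misspelled attribute still validates. -->
<attributeGroup name="LogoutInitiatorGroup">
  <annotation>
    <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
  </annotation>
  <attribute name="relayState" type="conf:string"/>
  <attribute name="outgoingBindings" type="conf:listOfURIs"/>
  <attribute name="template" type="anyURI"/>
  <attribute name="postArtifact" type="boolean"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</attributeGroup>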
623
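<!-- Explicit logout initiator, a restriction of PluggableType: the
     inherited "type" attribute stays required, "Location" is optional,
     and the remaining attributes (including the ##any wildcard) come
     from LogoutInitiatorGroup. -->
<element name="LogoutInitiator">
  <annotation>
    <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI"/>
        <attributeGroup ref="conf:LogoutInitiatorGroup"/>
      </restriction>
    </complexContent>
  </complexType>
</element>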
640
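<!-- Custom handler, a restriction of PluggableType with a required
     "Location" and an optional "acl" list.
     NOTE(review): "acl" presumably limits which client addresses may call
     the handler - confirm. It is optional and has no schema default, so
     validation will not flag a handler that exposes diagnostic or
     session data without one; check each Handler for an acl during
     configuration review. -->
<element name="Handler">
  <annotation>
    <documentation>Used to specify custom handlers</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI" use="required"/>
        <attribute name="acl" type="conf:listOfStrings"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </restriction>
    </complexContent>
  </complexType>
</element>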
658
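<!-- Error handling settings: each declared attribute is an optional
     xs:anyURI (lexical check only), and arbitrary extra elements and
     attributes are accepted through the ##any / lax wildcards.
     NOTE(review): the extra attributes are presumably passed through to
     error templates - confirm, and avoid placing internal details there
     if they can end up in pages shown to end users. -->
<complexType name="ErrorsType">
  <annotation>
    <documentation>Container for error templates and associated details</documentation>
  </annotation>
  <sequence>
    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="redirectErrors" type="anyURI"/>
  <attribute name="session" type="anyURI"/>
  <attribute name="metadata" type="anyURI"/>
  <attribute name="access" type="anyURI"/>
  <attribute name="ssl" type="anyURI"/>
  <attribute name="localLogout" type="anyURI"/>
  <attribute name="globalLogout" type="anyURI"/>
  <attribute name="partialLogout" type="anyURI"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>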
676
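<!-- Peer-specific override of the RelyingPartyGroup settings. "Name" and
     "type" are both optional as far as the schema is concerned, and the
     ##any / lax wildcards accept unknown elements and attributes, so a
     misspelled security attribute (e.g. in requireSignedAssertions)
     passes validation without taking effect as intended.
     NOTE(review): how "Name" is matched against a peer is not stated
     here - confirm before using it to relax requirements for one peer. -->
<complexType name="RelyingPartyType">
  <annotation>
    <documentation>Container for specifying settings to use with particular peers</documentation>
  </annotation>
  <sequence>
    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="Name" type="conf:string"/>
  <attribute name="type" type="conf:string"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <attribute name="entityID" type="anyURI"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>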
690
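<!-- Notification endpoint: "Channel" must be "front" or "back" and
     "Location" is a required xs:anyURI. The schema does not require any
     particular URI scheme for Location.
     NOTE(review): back-channel notifications presumably send session
     related data to Location - confirm, and point it at an endpoint that
     is protected in transit and not reachable by untrusted callers. -->
<complexType name="NotifyType">
  <annotation>
    <documentation>Used to specify locations to receive application notifications</documentation>
  </annotation>
  <sequence/>
  <attribute name="Channel" use="required">
    <simpleType>
      <restriction base="string">
        <enumeration value="front"/>
        <enumeration value="back"/>
      </restriction>
    </simpleType>
  </attribute>
  <attribute name="Location" type="anyURI" use="required"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>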
707
708   <element name="SecurityPolicies">
        <!-- Inline security policy container. The SPConfig declaration in this schema marks
             the reference to this element as deprecated and offers SecurityPolicyProvider
             as the alternative. -->
709     <complexType>
710       <annotation>
711         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
712       </annotation>
713       <sequence>
            <!-- At least one Policy is required. -->
714         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
715           <annotation>
716             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
717           </annotation>
718           <complexType>
                <!-- A Policy holds one or more Rule elements or one or more PolicyRule
                     elements; the choice does not allow mixing the two names in one
                     Policy. Each rule is a conf:PluggableType, so which checks run is
                     determined by the plugin selected, not by this schema. -->
719             <choice>
720               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
721               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
722             </choice>
723             <attribute name="id" type="conf:string" use="required"/>
                <!-- NOTE(review): validate presumably turns on schema validation of
                     incoming messages for this policy; the default when it is omitted is
                     not stated here. Confirm. -->
724             <attribute name="validate" type="boolean"/>
725             <anyAttribute namespace="##any" processContents="lax"/>
726           </complexType>
727         </element>
            <!-- Optional and mutually exclusive: a configuration may carry a whitelist, a
                 blacklist, or neither. When neither is present the effective algorithm
                 restrictions come from the implementation, not from this file. -->
728         <choice minOccurs="0">
729           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
730           <element name="AlgorithmBlacklist">
731             <complexType>
732               <simpleContent>
733                 <extension base="conf:listOfURIs">
                      <!-- NOTE(review): presumably false drops the built-in blacklist so
                           that only the URIs listed here are blocked. Treat any
                           configuration that sets this to false as needing explicit
                           justification, and confirm the default. -->
734                   <attribute name="includeDefaultBlacklist" type="boolean"/>
735                 </extension>
736               </simpleContent>
737             </complexType>
738           </element>
739         </choice>
740       </sequence>
741     </complexType>
742   </element>
743
744   <element name="TransportOption">
745     <annotation>
746       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
747     </annotation>
748     <complexType>
749       <simpleContent>
            <!-- The element value is anySimpleType, so the schema performs no checking of
                 the option value; provider and option names are required but are free-form
                 non-empty strings. Validation therefore cannot catch an option that
                 weakens transport security (for instance TLS verification settings, if the
                 provider exposes them); review these entries by hand. -->
750         <extension base="anySimpleType">
751           <attribute name="provider" type="conf:string" use="required"/>
752           <attribute name="option" type="conf:string" use="required"/>
753         </extension>
754       </simpleContent>
755     </complexType>
756   </element>
757
758   <element name="SPConfig">
759     <complexType>
760       <annotation>
761         <documentation>Root of configuration</documentation>
762       </annotation>
          <!-- Children are a sequence, so they must appear in the order declared below.
               Only ApplicationDefaults and one of the two security policy elements are
               mandatory; everything else is optional. -->
763       <sequence>
764         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
765         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
766         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
            <!-- At most one listener may be configured. The UnixListener and TCPListener
                 types are closed: they declare no attribute wildcard, so unknown
                 attributes on them fail validation. -->
767         <choice minOccurs="0">
768           <element name="UnixListener">
769             <complexType>
770               <attribute name="address" type="conf:string" use="required"/>
771               <attribute name="stackSize" type="unsignedInt"/>
772             </complexType>
773           </element>
              <!-- acl is optional, and nothing in this declaration describes authentication
                   or encryption of the listener channel. NOTE(review): confirm the runtime
                   default for acl and keep the listener on loopback or a trusted network
                   segment. port is a plain unsignedInt, so values above 65535 pass schema
                   validation. -->
774           <element name="TCPListener">
775             <complexType>
776               <attribute name="address" type="conf:string" use="required"/>
777               <attribute name="port" type="unsignedInt" use="required"/>
778               <attribute name="acl" type="conf:listOfStrings"/>
779               <attribute name="stackSize" type="unsignedInt"/>
780             </complexType>
781           </element>
782           <element name="Listener" type="conf:PluggableType"/>
783         </choice>
784         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
785         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
786         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
787         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
788         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
789         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
            <!-- Required choice: exactly one of SecurityPolicyProvider or the inline
                 SecurityPolicies element must be present. -->
790         <choice>
791           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
792           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
793         </choice>
794         <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
795         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
            <!-- An XML Signature over the configuration is permitted but not required by
                 the schema. NOTE(review): whether and against which key it is verified is
                 decided by whatever loads the file; confirm before treating a signed
                 configuration as tamper-evident. -->
796         <element ref="ds:Signature" minOccurs="0"/>
797       </sequence>
798       <attribute name="logger" type="anyURI"/>
          <!-- NOTE(review): the unit of clockSkew is not stated in the schema (presumably
               seconds). Any unsignedInt validates, and a large value presumably widens the
               window in which time-limited messages are accepted; check configured values
               against deployment policy. -->
799       <attribute name="clockSkew" type="unsignedInt"/>
          <!-- NOTE(review): by their names, unsafeChars and allowedSchemes look like
               input-handling controls (characters to treat as unsafe, URL schemes to
               accept). The schema only requires non-empty strings; confirm the semantics
               and defaults in the SP documentation before changing them. -->
800       <attribute name="unsafeChars" type="conf:string"/>
801       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
802       <attribute name="langFromClient" type="boolean"/>
803       <attribute name="langPriority" type="conf:listOfStrings"/>
804       <attribute name="contactPriority" type="conf:listOfStrings"/>
          <!-- Unlike the ##any wildcards on the container types above, the root accepts
               extension attributes only from other namespaces, so a misspelled unqualified
               attribute on SPConfig is rejected by validation. -->
805       <anyAttribute namespace="##other" processContents="lax"/>
806     </complexType>
807   </element>
808
809 </schema>